A sad fact about running websites is that they can be hacked. We know exactly how stressful that is, and how much impact it can have on your business and your audience. In this article, we share a step-by-step guide to fixing a hacked website.
Few things to know before fixing a hacked website
First of all, no matter what platform you are using (WordPress, Drupal, Joomla…), any website can be hacked. What matters is how you prevent it and how you handle the consequences.
When your WordPress site is hacked, you may lose your search engine ranking, your users may be exposed to malware, your reputation is tarnished by redirects to porn or other malicious sites, and worst of all, you may lose your entire site data.
If your website is a business site, security should be one of your top priorities.
Make sure you always have a good WordPress backup solution in place, such as BackupBuddy, UpdraftPlus or All in One WP Migration, and that the backups are stored somewhere other than the web server itself: an attacker with file access can delete or tamper with backups kept on the same host.
Last, but probably most important, use a security plugin such as Wordfence, iThemes Security or Sucuri.
See also: Top 5 best security plugins for WordPress (2022)
All of the above is great if you haven’t been hacked, but chances are that if you’re reading this, it is too late for some of the precautions mentioned above. So before you do anything, try to stay calm.
Signs that your website is hacked
Your website suddenly doesn’t work properly. But how do you know that the problem is a hack? Here are some signs that a website has been compromised:
- You cannot log in.
- The content on the website has changed without you doing anything (e.g. ads appear, new content shows up, …).
- The website is redirected to another website.
- When accessing the website, you or your readers receive a warning from the browser.
- When your site shows up in Google search results, Google displays a warning that it may have been hacked.
- You receive notifications from the security plugin about unexpected changes.
- Your hosting provider warns you about unusual activity on your account (abnormal CPU, RAM or database usage, outgoing spam, etc.).
Why is my WordPress website hacked?
There are tons of reasons why your WordPress site could be hacked, but here are a few common ones.
1. Weak password
This is the most common cause. The most commonly used password in the world is “password”. A strong password is necessary not only for the WordPress administrator account, but for every other account as well, including the FTP/SFTP password, the database password and the hosting control panel password.
2. Software not updated
Plugins, themes and WordPress itself need to be updated regularly. These updates often fix serious security bugs in the developers’ own code, and once a fix is public the bug is widely known. If you do not update regularly, your website becomes easy prey for attackers.
3. Themes and plugins from untrusted sources
Plugins and themes that you did not obtain from the developer themselves (“nulled” or repackaged copies) often contain backdoors that open security holes in your website. So use free plugins and themes from the official WordPress repository, and prefer products with a large install base.
There are also cases where the developer’s own code contains a security flaw that is exploited by attackers. Reputable developers release patches for such flaws very quickly, so buy products from well-known developers.
Steps to fix hacked website
Depending on how the website is hacked, we will have different options. You do not have to do all of the following:
Step 1: Don’t panic
It sounds superfluous to tell someone who is panicking “don’t panic”. But that is what is needed most at this moment. You need a clear head to diagnose and fix the problem.
If you can’t calm down yet, put the website into maintenance mode immediately and leave it there for a few hours until you feel calmer.
Step 2: Turn on maintenance mode
You certainly don’t want your customers or readers to find your website in this state. It is embarrassing, and it exposes them to whatever the attacker planted.
Therefore, switch to maintenance mode as soon as possible.
Step 3: Reset password
Since you cannot know which password the attacker used to get into the website, it is important to change all existing passwords so they can no longer be used.
“All passwords” means not just the passwords of every WordPress user, but also the FTP/SFTP password, the database password (and the copy of it in wp-config.php) and the hosting control panel password. Also change the eight secret keys and salts in wp-config.php: a password reset alone does not invalidate login cookies the attacker already holds, but changing the keys invalidates every existing session at once.
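As an added example (not code from the original article), the following script rotates the secret keys and salts in wp-config.php. It assumes the standard `define( 'AUTH_KEY', '…' );` lines that WordPress generates; the file path and the constructed sample config are my own. It refuses to write a half-rotated file if any of the eight defines is missing.

```python
"""Rotate the WordPress secret keys and salts in wp-config.php.

Added example, not from the article. Changing these eight values invalidates
every existing login cookie and nonce, which closes the gap that resetting
passwords alone leaves open if the attacker is already logged in.
"""
import re
import secrets
import string
import sys

SALT_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)

# Letters, digits and punctuation, minus the three characters that would
# break a single-quoted PHP string literal.
_ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\"\\"
)

# Matches define( 'AUTH_KEY', 'value' ) with any amount of whitespace,
# the way wp-config-sample.php writes it.
_DEFINE = re.compile(
    r"define\(\s*'(" + "|".join(SALT_NAMES) + r")'\s*,\s*'[^']*'\s*\)"
)


def new_secret(length=64):
    """A 64-character secret, the same length WordPress's own generator uses."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Return wp-config.php text with all eight defines given fresh values.

    Raises ValueError if any of the eight is missing, so the caller never
    writes back a file in which only some sessions were invalidated.
    """
    seen = set()

    def repl(match):
        name = match.group(1)
        seen.add(name)
        return f"define( '{name}', '{new_secret()}' )"

    rotated = _DEFINE.sub(repl, config_text)
    missing = set(SALT_NAMES) - seen
    if missing:
        raise ValueError("wp-config.php lacks: " + ", ".join(sorted(missing)))
    return rotated


def current_salts(config_text):
    """Map each salt name to its current value (handy for before/after checks)."""
    return {m.group(1): m.group(0) for m in _DEFINE.finditer(config_text)}


if __name__ == "__main__":
    # Usage: python rotate_salts.py /path/to/wp-config.php (assumed path)
    path = sys.argv[1]
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    with open(path + ".bak", "w", encoding="utf-8") as fh:
        fh.write(original)          # keep a copy before touching the live file
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(rotate_salts(original))
    print("rotated", len(SALT_NAMES), "keys; backup written to", path + ".bak")
```

The same effect can be had with WP-CLI (`wp config shuffle-salts`) if it is available on the host; the script is useful where you only have file access.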
Step 4: Use security plugins
This is a necessary step if you want to solve the problem on your own. Install a security plugin that can scan your files for malware and report known vulnerabilities in the themes and plugins you have installed.
Step 5: Update themes & plugins
As a next step, make sure that WordPress core and all installed themes and plugins are updated to the latest version.
Do this before any other clean-up work: if the attacker got in through a vulnerability in an old theme or plugin, it does not matter how thoroughly you clean, they will simply exploit the same flaw again.
So make sure everything is up to date, and remove anything you no longer use before you continue.
Step 6: Delete the user
If there are any administrator accounts on your WordPress site that you don’t recognize, delete them immediately. Also look for existing accounts whose role was changed to Administrator without your doing.
Go to Users in the WordPress dashboard and filter the list by the Administrator role at the top of the list. Tick the accounts you suspect, choose Delete from the Bulk actions menu and apply it. WordPress will ask what to do with content owned by those users; attribute it to an account you trust rather than deleting it.
Step 7: Delete unwanted files
To find files that were added to your site and are not part of WordPress, you can use a security plugin such as Wordfence.
The plugin tells you which files contain malicious code and which unexpected files have appeared on your website. Pay particular attention to .php files inside wp-content/uploads, which should only ever contain media, and compare core files against a clean copy of the same WordPress version rather than trusting file names alone.
Step 8: Clean up the sitemap
One of the reasons your website gets “red-flagged” by search engines is that spam URLs were injected into your sitemap.xml.
In a case I encountered, the attacker added strange links in many different languages to the website’s sitemap. Many people overlook this, so even after the malware is cleaned up, the site stays flagged.
You can regenerate the sitemap with your SEO plugin, but you still have to tell Google that the site has been cleaned, by requesting a review in Google Search Console.
Step 9: Reinstall theme & plugin
If your site is still having problems, you will need to reinstall all themes and plugins that could not be updated in step 5. Deactivate and delete each one, then reinstall it from a fresh download.
Make sure you have switched the website to maintenance mode before doing this.
If you bought a theme or plugin from a vendor you are not sure about, now is the time to decide whether to keep using it. If you downloaded a free theme or plugin from anywhere other than the WordPress repository, remove it immediately. Use licensed copies from the developer instead; if budget is an issue, look for an alternative in the WordPress repository.
If the problem is still not resolved, visit the forum and support page of the theme or plugin you use. There you may find people who had the same problem, and with it the answer to yours.
Step 10: Reinstall WordPress
If all else fails, replace all WordPress core files with a fresh copy. Note that I say replace, not rebuild the entire website from scratch.
Download the latest version of WordPress from wordpress.org, upload the zip file to your hosting via FTP, extract it and overwrite the old files. Back up your wp-config.php and .htaccess files before you overwrite, otherwise your website will not work as expected afterwards. Keep in mind that this only refreshes core files: malware hidden in wp-content (plugins, themes, uploads) or in the database survives this step, and files the attacker added under a name that does not exist in the clean copy are not removed by overwriting.
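The two file-level jobs above, finding what was added or modified (step 7) and replacing core files without clobbering wp-config.php and .htaccess (step 10), are shown in the following added example. It is not code from the article or from WordPress; it assumes a clean copy of the same WordPress version has already been extracted to a local folder, and the marker patterns for suspicious PHP are a constructed starting list, not a complete malware signature set.

```python
"""Triage a WordPress install against a clean copy, then replace core files.

Added example, not from the original article. CLEAN_DIR is an extracted
copy of the official zip for the same version; SITE_DIR is the suspected
install. Nothing is downloaded, and nothing is written unless replace_core()
is called explicitly.
"""
import hashlib
import os
import re
import shutil
import sys

# Files that the official zip cannot contain but the site needs; never overwritten.
PRESERVE = {"wp-config.php", ".htaccess"}
# Everything under wp-content (themes, plugins, uploads) is site data, not core.
PRESERVE_DIRS = {"wp-content"}

# Common markers of obfuscated PHP droppers and web shells (constructed list).
SUSPICIOUS = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)"
    rb"|preg_replace\s*\([^)]*/e['\"]"                  # /e runs the replacement as PHP
    rb"|\$_(GET|POST|REQUEST|COOKIE)\[[^\]]*\]\s*\(",    # request-controlled function name
    re.IGNORECASE,
)


def _walk(root):
    """Yield the relative path of every regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.relpath(os.path.join(dirpath, name), root)


def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _is_site_data(rel):
    top = rel.split(os.sep, 1)[0]
    return rel in PRESERVE or top in PRESERVE_DIRS


def triage(clean_dir, site_dir):
    """Compare site_dir with clean_dir and return three sorted lists.

    modified:   files present in both whose contents differ from the clean copy
    extraneous: files in the install that the clean copy does not have
                (wp-config.php, .htaccess and wp-content are expected and skipped)
    suspicious: any .php file, including under wp-content/uploads, matching SUSPICIOUS
    """
    clean = {rel: _sha256(os.path.join(clean_dir, rel)) for rel in _walk(clean_dir)}
    result = {"modified": [], "extraneous": [], "suspicious": []}
    for rel in _walk(site_dir):
        path = os.path.join(site_dir, rel)
        if rel in clean:
            if _sha256(path) != clean[rel]:
                result["modified"].append(rel)
        elif not _is_site_data(rel):
            result["extraneous"].append(rel)
        if rel.lower().endswith(".php"):
            with open(path, "rb") as fh:
                if SUSPICIOUS.search(fh.read()):
                    result["suspicious"].append(rel)
    for key in result:
        result[key].sort()
    return result


def replace_core(clean_dir, site_dir):
    """Copy every core file from the clean copy over site_dir.

    wp-config.php, .htaccess and wp-content are left alone. Files that exist
    only in the install (a dropped web shell, say) are NOT removed here:
    delete them deliberately after reviewing triage()["extraneous"].
    Returns the sorted list of relative paths written.
    """
    written = []
    for rel in _walk(clean_dir):
        if _is_site_data(rel):
            continue
        dst = os.path.join(site_dir, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(clean_dir, rel), dst)
        written.append(rel)
    return sorted(written)


if __name__ == "__main__":
    # Usage: python wp_triage.py CLEAN_DIR SITE_DIR (report only, no changes)
    report = triage(sys.argv[1], sys.argv[2])
    for key, files in report.items():
        print(f"{key} ({len(files)}):")
        for rel in files:
            print("  " + rel)
```

Run the report first, take a full backup of the site as it is (you may need it as evidence), then call replace_core(); with WP-CLI on the host, `wp core verify-checksums` performs the same hash comparison against wordpress.org’s published checksums.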
Step 11: Clean up the database
Attackers like to hide their payload in the database: injected scripts or iframes inside post content, rogue administrator accounts, or changed siteurl/home options that redirect visitors elsewhere. That is why cleaning the database is a must when you fix a hacked website, even after the files are clean.
You should also do this regularly, even when the website is operating normally. Deleting junk data saves disk space and makes your website run faster.
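Here is an added example (not from the article) of the audit queries a practitioner runs against the WordPress tables during this step. It assumes the default wp_ table prefix; the SQL itself is what you would feed to `wp db query` or the mysql client, while the in-memory SQLite copy with constructed rows only stands in for MySQL so the queries can be tried offline. The `?` placeholders are DB-API parameters, not MySQL syntax.

```python
"""Audit the WordPress database for the usual attacker footprints.

Added example, not from the article. Assumes the default wp_ table prefix.
"""
import sqlite3

# Strings that have no business inside post content or option values on most
# sites (constructed list; extend it for your site).
INJECTION_MARKERS = ("<script", "<iframe", "eval(", "base64_decode", "fromCharCode")

# The administrator capability lives in wp_usermeta, so a normal user whose
# role was silently escalated shows up here even though no account was added.
ADMIN_SQL = """
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users u
JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%administrator%'
ORDER BY u.user_registered DESC
"""


def find_admins(conn):
    """Every account holding the administrator capability, newest first."""
    return conn.execute(ADMIN_SQL).fetchall()


def _marker_clause(column):
    where = " OR ".join(f"{column} LIKE ?" for _ in INJECTION_MARKERS)
    params = [f"%{m}%" for m in INJECTION_MARKERS]
    return where, params


def find_injected_posts(conn):
    """(ID, title) of posts whose content carries one of INJECTION_MARKERS."""
    where, params = _marker_clause("post_content")
    sql = f"SELECT ID, post_title FROM wp_posts WHERE {where} ORDER BY ID"
    return conn.execute(sql, params).fetchall()


def find_suspect_options(conn):
    """siteurl/home (redirect hijacks) plus any option value that looks injected."""
    where, params = _marker_clause("option_value")
    sql = (
        "SELECT option_name, option_value FROM wp_options "
        f"WHERE option_name IN ('siteurl', 'home') OR {where} "
        "ORDER BY option_name"
    )
    return conn.execute(sql, params).fetchall()


def constructed_db():
    """In-memory stand-in for a compromised site's tables (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_email TEXT, user_registered TEXT);
    CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    CREATE TABLE wp_posts (ID INTEGER, post_title TEXT, post_content TEXT);
    CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
    INSERT INTO wp_users VALUES
      (1, 'owner',    'owner@example.com',  '2019-03-01 10:00:00'),
      (2, 'editor',   'editor@example.com', '2020-06-15 09:30:00'),
      (3, 'wp-admin', 'x@mail.invalid',     '2023-11-02 03:14:07');
    INSERT INTO wp_usermeta VALUES
      (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
      (2, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
      (3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    INSERT INTO wp_posts VALUES
      (10, 'Hello world', '<p>Welcome to the site.</p>'),
      (11, 'Pricing', '<p>Plans</p><script src="//cdn.example.invalid/x.js"></script>');
    INSERT INTO wp_options VALUES
      ('siteurl', 'https://example.com'),
      ('home', 'https://example.com'),
      ('widget_text', '<iframe src="https://bad.invalid"></iframe>');
    """)
    return conn


if __name__ == "__main__":
    db = constructed_db()
    print("administrators:", find_admins(db))
    print("injected posts:", find_injected_posts(db))
    print("suspect options:", find_suspect_options(db))
```

Compare the administrator list against the accounts you know you created (in the sample data, “editor” was a normal user whose role was escalated and “wp-admin” was added outright). Remove rogue accounts through the WordPress Users screen or `wp user delete <id> --reassign=<trusted-id>` so their posts are reassigned rather than dropped, and clean injected post content with an edit in the dashboard rather than a blind UPDATE, so you can see exactly what you are removing.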
How to protect your website from attacks?
So you have cleaned up the malware and set new passwords for your WordPress website. You probably feel safer now, right?
However, the work does not stop there. You need to do more to prevent future attacks and stop the same thing from happening again.
1. Make sure all passwords are safe
If you are not using strong passwords yet, change them now. Use passwords of at least 12 characters that mix upper and lower case letters, numbers and special characters, and never reuse a password between accounts; a password manager can generate and store much longer ones for you. This makes the passwords impractical to guess or brute-force.
A security plugin helps here too, since most can require users to pick a strong password when creating an account or changing their password.
Enable two-factor authentication on every account you have.
2. Keep the website up to date
Regular updates are extremely important for protecting your website from attacks. Every time WordPress, a theme or a plugin releases an update, install it promptly, as updates often include security patches.
However, back up your website before updating the theme or any plugin. This is equally important: if the developer’s update conflicts with your existing site, you can still roll back to the previous version.
3. Do not use unsafe themes & plugins
When installing a plugin, make sure it works with your current WordPress version and that you download it from a reputable source.
Only use free themes and plugins from the WordPress repository, never from any other source. If you buy from a vendor, check their reputation and the quality of their products first.
4. Delete when not in use
If you have inactive themes or plugins on your system, delete them immediately; an inactive plugin with a vulnerability can still be exploited. Likewise, if you are keeping unused WordPress installations around, make sure they no longer exist on the server.
If you need a test copy of WordPress, think carefully before leaving it on the production server. Deploy it on temporary hosting instead, because forgotten test installs are rarely updated and are especially vulnerable.
5. Use SSL
SSL (more precisely TLS) encrypts traffic between your visitors and the website, so passwords and session cookies cannot be read or altered on the way, and it is completely free. Most hosting providers now include a free Let’s Encrypt certificate, so installing SSL is only a few clicks. Keep in mind that it protects data in transit; it does not stop an attacker from exploiting a vulnerable plugin on the site itself.
6. Don’t use cheap hosting
Cheap hosting means you share a server with hundreds of other websites. This not only slows your website down but also increases the chance of infection spreading from a neighbouring account if the server is not properly isolated.
Moreover, when your website has problems, you will not get dedicated support from the technical team, and their troubleshooting will be a lot slower. That is when you feel the real cost of a low-cost provider.
7. Firewall Setup
A security plugin with a firewall feature, or a service such as Cloudflare or Sucuri, puts a web application firewall between attackers and your site, blocking many exploit attempts before they reach WordPress.
8. Use a security plugin
Security plugins notify you of unusual activity on the website, such as failed or unexpected logins and new files appearing on the host. That way, you can deal with a problem as soon as it starts.
9. Using security services
If the website brings you a lot of value, consider using a service from a third party such as Sucuri. They take responsibility for monitoring and protecting your website, and for repairing it when it is hacked.
These services are not cheap at all. But you get what you pay for, and you will not regret the money spent: you can focus on developing the website and leave the protection to professionals.
Website hacking is an extremely bad experience for everyone. It means customers abandon you, revenue drops and business is disrupted, and you have to throw a lot of resources at solving the problem as quickly as possible.
Here is a summary of the steps to take when your website is hacked:
- Reset all passwords.
- Update themes and plugins.
- Remove unknown users.
- Delete unwanted files.
- Clean up the sitemap.
- Reinstall themes, plugins and WordPress.
- Clean up the database.